aws_efs_file_system resource

Use the aws_efs_file_system InSpec audit resource to test the properties of a single AWS EFS file system. This resource was added to the InSpec AWS resource pack in version 1.10.0 and is available with InSpec 4.18.108 and later versions.

Syntax

An aws_efs_file_system resource block declares the tests for a single AWS EFS file system by either file system id or creation token.

describe aws_efs_file_system(file_system_id: 'fs-12345678') do
  it                         { should be_encrypted }
  its('size_in_bytes.value') { should cmp 6144 }
end

describe aws_efs_file_system(creation_token: 'my-token') do
  its('encrypted')       { should cmp true }
  its('throughput_mode') { should eq 'bursting' }
end

The value of the file_system_id can be provided as a string.

describe aws_efs_file_system('fs-12345678') do
  it { should exist }
end

Parameters

Either the EFS file system id or creation token must be provided.

file_system_id (required if creation_token not provided)

The ID of the EFS file system. This is in the format of fs- followed by 8 or 17 hexadecimal characters. This can be passed either as a string or as a file_system_id: 'value' key-value entry in a hash.

creation_token (required if file_system_id not provided)

The creation token is automatically assigned by AWS if not provided by the user at creation. This is a string between 1 and 64 characters long. This must be passed as a creation_token: 'value' key-value entry in a hash.

Properties

| Property | Description |
| --- | --- |
| creation_token | The value of the creation token. |
| file_system_id | The ID of the file system, which is auto-assigned by AWS. |
| encrypted | Indicates whether the file system is encrypted or not. |
| life_cycle_state | The lifecycle phase of the file system, e.g. 'creating'. |
| owner_id | The AWS account that created the file system. |
| performance_mode | The performance mode of the file system, e.g. 'maxIO'. |
| throughput_mode | The throughput mode for a file system, e.g. 'bursting'. |
| tags | A hash with each key-value pair corresponding to a tag associated with the entity. |

There are also additional properties available. For a comprehensive list, see the API reference documentation.

Examples

Test that an EFS file system is available

describe aws_efs_file_system("fs-12345678") do
    its("life_cycle_state") { should eq 'available' }
end

Test that an EFS file system is in ‘maxIO’ performance mode

describe aws_efs_file_system(creation_token: "My Token") do
    its("performance_mode") { should eq "maxIO" }
end

Test that an EFS file system has a certain tag

describe aws_efs_file_system(creation_token: "My Token") do
    its("tags") { should include("companyName" => "My Company") }
end
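
The same encryption, lifecycle and tag checks can be run offline against a saved DescribeFileSystems response, for example when reviewing evidence collected from an account you cannot scan directly. This is an added example in plain Ruby, not part of the InSpec AWS resource pack; the helper names (tags_hash, findings_for, audit) are hypothetical, the JSON is a constructed sample, and it assumes the field names of the DescribeFileSystems API response.

```ruby
require 'json'

# Constructed sample in the shape of `aws efs describe-file-systems` output
# (not real data; IDs, account and tags are made up).
SAMPLE_RESPONSE = <<~JSON
  {
    "FileSystems": [
      { "FileSystemId": "fs-12345678", "CreationToken": "my-token",
        "OwnerId": "111122223333", "LifeCycleState": "available",
        "Encrypted": true, "PerformanceMode": "generalPurpose",
        "ThroughputMode": "bursting",
        "Tags": [ { "Key": "companyName", "Value": "My Company" } ] },
      { "FileSystemId": "fs-0123456789abcdef0", "CreationToken": "legacy",
        "OwnerId": "111122223333", "LifeCycleState": "available",
        "Encrypted": false, "PerformanceMode": "maxIO",
        "ThroughputMode": "bursting", "Tags": [] }
    ]
  }
JSON

# Turn the API's [{Key, Value}] tag list into the hash form the `tags` property uses.
def tags_hash(fs)
  (fs['Tags'] || []).to_h { |t| [t['Key'], t['Value']] }
end

# Return a list of human-readable findings for one file system record.
def findings_for(fs, required_tags: {})
  out = []
  out << 'not encrypted at rest' unless fs['Encrypted'] == true
  out << "life_cycle_state is #{fs['LifeCycleState'].inspect}" unless fs['LifeCycleState'] == 'available'
  tags = tags_hash(fs)
  required_tags.each do |k, v|
    out << "tag #{k}=#{v} missing" unless tags[k] == v
  end
  out
end

# Audit every file system in a DescribeFileSystems JSON document.
# Returns { file_system_id => [findings] } for failing file systems only.
def audit(json_text, required_tags: {})
  JSON.parse(json_text).fetch('FileSystems').each_with_object({}) do |fs, report|
    f = findings_for(fs, required_tags: required_tags)
    report[fs['FileSystemId']] = f unless f.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_RESPONSE, required_tags: { 'companyName' => 'My Company' })
    .each { |id, f| puts "#{id}: #{f.join('; ')}" }
end
```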

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

describe aws_efs_file_system(file_system_id: "fs-12345678") do
    it { should exist }
end

be_encrypted

describe aws_efs_file_system(creation_token: "My Token") do
    it { should be_encrypted }
end

AWS Permissions

Your Principal will need the elasticfilesystem:DescribeFileSystems action set to allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.
